AT&T to Pay $25M |to Settle Data Claims

(CN) – AT&T will pay $25 million to settle claims related to data breaches at call centers in Mexico, Colombia and the Philippines that affected nearly 280,000 U.S. consumers, the Federal Communications Commission announced. According to the agency, the breach involved the unauthorized disclosure by AT&T call center employees of the consumers’ names, full or partial Social Security numbers, and other supposedly protected account data information. It alleges that the employees would steal the data when consumers requested handset unlock codes for the AT&T mobile phones, and then provided the information to third parties who appear to have been trafficking in stolen cell phones or secondary market phones they wanted to unlock. The FCC’s enforcement bureau uncovered the full extent of the alleged activity while investing a 168-day data breach at an AT&T call center in Mexico between November 2013 and April 2014. During this period, three call center employees were paid by third parties to obtain customer information – specifically, names and at least the last four digits of customers’ Social Security numbers – that could then be used to submit online requests for cellular handset unlock codes, the agency says. The three call center employees accessed more than 68,000 accounts without customer authorization, which they then provided to third parties who used that information to submit 290,803 handset unlock requests through AT&T’s online customer unlock request portal, the FCC says. In a statement AT&T said it has changes its policies and strengthened its operations since the breaches were identified. As part of the settlement, AT&T must notify customers who may have been affected by the breach. But in its statement, the company said it has “no reason to believe that the information was used for identity theft or financial fraud.”